Chapter 2.1
Reasons for Hackers to Hack
1) Attention -> They want bragging rights. The ability to say "I did that" 2) Thrill -> Some hackers get a thrill from being able to get passed security systems 3) Criminal -> Wants to gain access to information to receive some type of reward. This can be financial, political, or something else entirely.
Reasons for Employees being Threat Actors
1) Employee could be disgruntled and motivated by a personal vendetta. 2) The employee might want to make money from a bribe for information. 3) Working alone to steal customer credit card information These type of attacks require a conscious
Example of Opportunistic Attack
A common example of an opportunistic attack is ransomware. An attacker will gain access to a system, plant a virus that encrypts all user data and demand a payment for decrypting the data.
Internal Espionage
A competitor hires a spy that gets a job at a competitors company. The new employee then exploits and internal vulnerabilities they can find and steals information from their client
Dealing with Targeted Attacks
Although they almost impossible to defend against it is still beneficial to protect your network and minimize your attack surface as much as possible to make it that much harder for an attacker to succeed.
Opportunistic Attack and Vulnerabilities
An Opportunistic Attack is typically automated and involves scanning a wide range of systems for known vulnerabilities such as old software, exposed ports, poorly secured networks, default configurations etc. Once a vulnerability is found the attacker will exploit is steal what they need and get out.
Unintentional Threat Actor
An employee becoming a threat actor without them even knowing. They create security breaches doing what they think is harmless day to day work. This is the most common insider threat. They do not understand that what they are doing is wrong so they will continue to act in ignorance.
Threat Actor
Any individual or entity that carries out an attack. They are all different with their motives, attributes, and attack characteristics. Example: Single hacker motives VS an organized crime group motives
Types of Threat Actors: Hackers
Any threat agent who uses their technical knowledge to bypass security, exploit a vulnerability, and gain access to protected information.
Types of Threat Actors: Competitors
Business is competitive and sometimes competition causes organizations to cross the line and use corporate espionage to try to get information from competitors. This refers to all companies including giant corporations, non profit companies, private companies, and even smaller companies.
Best way to protect against an Opportunistic Attack
Follow security best practices, keep systems up to date, close all unused ports, disable unused services.
Types of Threat Actors: Insiders
Most overlooked threat actor. Could be referring to a customer, janitor, or security guard. However, most of the time it's an employee. Employees are potential threats and you need to take the appropriate actions to prevent them from becoming actual threat actors and exploiting a vulnerability. Insiders typically have it easier to access company information and assets than someone on the outside who is trying to break in making them a much more dangerous threat.
Example of a targeted attack
One example of a targeted attack is Stuxnet. Stuxnet is a malicious computer worm that was specifically designed to target only SCADA systems. It was created to target industrial centrifuges used by the Iranian Nuclear program. The code from Stuxnet was so large and complex that it would have required huge amounts of funding and resources to create.
Targeted Attacks and Vulnerabilities
Targeted attacks almost always use unknown exploits and go to great lengths to cover their tracks and hide their presence. They also use completely new programs written from the ground up that are specifically designed for the target.
External Espionage
The competitor hires a spy to attack a company from the outside by exploiting any external vulnerabilities that exist and again returns the information to their client.
A targeted attack
The more dangerous out of the two and is almost impossible to defend against. Extremely methodical and is often carried out by multiple entities that have substantial resources. The main goal of the targeted attack is to do damage for example leak sensitive information or destroy important data.
Opportunistic Attack
The threat actor is always trying to make money as fast as possible and with minimal effort. Attackers won't brother to hide their tracks or presence because it is very time consuming. "Smash and grab of Cyber Attacks"
Hacktivist
These are hackers that have a political motive and are usually are out to disrupt governments, large corporations, or other entities that oppose their political views.
